[openstack-dev] [Security] [Bandit] Using multiprocessing/threading to speed up analysis

Clark, Robert Graham robert.clark at hp.com
Mon Jun 8 16:38:07 UTC 2015

Interesting work,

I guess my initial thought would be - does it need to be faster?

Will this work make maintenance and the addition of features more


On 08/06/2015 08:26, "Ian Cordasco" <ian.cordasco at RACKSPACE.COM> wrote:

>Hey everyone,
>I drew up a blueprint
>hecks) to add the ability to use multiprocessing (or threading) to Bandit.
>This essentially means that each "thread" will be fed a file and analyze
>it and return the results. (A file will only ever be analyzed by one
>This has led to significant speed improvements in Flake8 when running
>against a project like Nova and I think the same improvements could be
>made to Bandit.
>I'd love some feedback on the following points:
>1. Should this be on by default?
>   Technically, this is backwards incompatible (unless we decide to order
>the output before printing results) but since we're still in the 0.x
>release series of Bandit, SemVer allows backwards incompatible releases. I
>don't know if we want to take advantage of that or not though.
>2. Is output ordering significant/important to people?
>3. If this is off by default, should the flag accept a special value,
>e.g., 'auto', to tell Bandit to always use the number of CPUs present on
>the machine?
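What the blueprint sketches, as an added Python example that is not part of this thread and not Bandit's own code: each worker process is handed one file, parses it, runs a check and returns picklable findings; the parent collects results with imap_unordered (completion order, i.e. the non-deterministic output the thread worries about) and then sorts them so the report matches a single-process run. The check itself (flagging eval()/exec() and subprocess calls with shell=True) is a hypothetical stand-in for Bandit's plugin set, the 'auto' handling of the jobs value is one possible reading of question 3, and the sample files are constructed here.

```python
import ast
import os
import tempfile
from multiprocessing import Pool

# Hypothetical check, not Bandit's real plugins: flag eval()/exec() calls
# and subprocess.<anything>(..., shell=True).
DANGEROUS_BUILTINS = {"eval", "exec"}


def scan_source(path, source):
    """Return a list of (path, lineno, message) findings for one file."""
    findings = []
    try:
        tree = ast.parse(source, filename=path)
    except SyntaxError as exc:
        return [(path, exc.lineno or 0, "could not parse file")]
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name) and func.id in DANGEROUS_BUILTINS:
            findings.append((path, node.lineno, f"use of {func.id}()"))
        if (isinstance(func, ast.Attribute)
                and isinstance(func.value, ast.Name)
                and func.value.id == "subprocess"):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((path, node.lineno,
                                     "subprocess call with shell=True"))
    return findings


def scan_file(path):
    """Worker entry point: one file in, that file's findings out."""
    with open(path, "r", encoding="utf-8") as fh:
        return scan_source(path, fh.read())


def resolve_jobs(jobs):
    """Assumed semantics for a jobs flag: 'auto' -> CPU count, else int >= 1."""
    if jobs == "auto":
        return os.cpu_count() or 1
    n = int(jobs)
    if n < 1:
        raise ValueError("jobs must be >= 1 or 'auto'")
    return n


def run_scan(paths, jobs="auto", ordered=True):
    """Fan files out to a process pool, gather findings, optionally sort.

    imap_unordered yields per-file results in completion order, so two runs
    can print findings in different orders; sorting by (path, lineno)
    afterwards restores the single-process ordering at negligible cost.
    """
    n_workers = resolve_jobs(jobs)
    if n_workers == 1:
        results = [scan_file(p) for p in paths]
    else:
        with Pool(processes=n_workers) as pool:
            results = list(pool.imap_unordered(scan_file, paths))
    findings = [f for per_file in results for f in per_file]
    if ordered:
        findings.sort(key=lambda f: (f[0], f[1]))
    return findings


def write_sample_tree():
    """Constructed sample project for the demo; returns (root, file paths)."""
    root = tempfile.mkdtemp(prefix="bandit_mp_")
    samples = {
        "a_clean.py": "def add(x, y):\n    return x + y\n",
        "b_eval.py": "import ast\n\ndef load(s):\n    return eval(s)\n",
        "c_shell.py": ("import subprocess\n\ndef run(cmd):\n"
                       "    subprocess.call(cmd, shell=True)\n"
                       "    return exec('pass')\n"),
    }
    paths = []
    for name, body in samples.items():
        p = os.path.join(root, name)
        with open(p, "w", encoding="utf-8") as fh:
            fh.write(body)
        paths.append(p)
    return root, paths


if __name__ == "__main__":
    _root, sample_paths = write_sample_tree()
    for path, lineno, msg in run_scan(sample_paths, jobs="auto"):
        print(f"{path}:{lineno}: {msg}")
```

Because a file is only ever analysed by one worker and findings are plain tuples, the per-file work needs no shared state; the only cross-file concern is the order of the merged list, which is why the sort is the cheap answer to question 2 and makes question 1 (on by default) much less of a compatibility issue.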
